IPsec VPNs started with installed clients, but lost favor when customers realized that there are many users who didn't really need clients in order to get their jobs done.
SSL VPNs started with browser-only access, but most products ended up adding bits of client-side software to support more and more applications.
In the end, I think most customers really want a single VPN concentrator that's flexible enough to support multiple methods. That way, VPN admins can decide which method each user needs and deserves, and they can easily change their minds later, while still bringing all users in through a common network entry point to simplify access control and auditing.
Workers that really need installed clients are those who use more demanding bidirectional applications -- VoIP is a common example. They can also be employees that require broad access to many destinations inside the private network, such as database and system administrators. Finally, it is not unusual for companies to extend browser-based access to new users, but leave existing users with installed clients alone -- at least initially.
